COmanage-dev Call 4-Mar-2011

Attending

Heather Flanagan, Internet2 (chair)
Ken Klingenstein, Internet2
R.L. "Bob" Morgan, U. Washington
Keith Hazelton, U. Wisc
Steven Carmody, Brown
Jim Leous, Pennsylvania State U.
Benn Oshrin, Internet2
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)

New Action Items

[AI] (Keith) will make sure that the COmanage glossary covers roles and groups accurately. https://spaces.at.internet2.edu/display/COmanage/Glossary

[AI] (Ken) will provide a link to the French listing regarding applications and sets/bundles of attributes.

Carry Over Action Items

[AI] (Keith) will add to the COmanage wiki use case library the case of bridging identity using social identity credentials.

...

[AI] (Heather) will ask U. Chicago people to contribute an academic (intra-institutional) use case to the COmanage use case library.

DISCUSSION

Groups and Roles in CO Context

Comments included:

Definitions:
A group is a collection of things.
Roles -- a set of duties that go with a position
StevenC: In a permission system, groups are one of the things that can get mapped to roles
A position (job title) can also get mapped to a role
Benn: the COmanage development effort does not currently include the objective of doing something with roles. We need requirements before we deal with roles.
TomB: Grouper incorporates the NIST RBAC model http://csrc.nist.gov/groups/SNS/rbac/
RBAC includes notions of role hierarchy and inheritance
[AI] (Keith) will make sure that the COmanage glossary covers roles and groups accurately.

https://spaces.at.internet2.edu/display/COmanage/Glossary

Status Update (Benn)

Benn has added new items to COmanage JIRA https://bugs.internet2.edu/jira/browse/CO
A lot of the JIRA items resulted from the recent conversations with LIGO
Code is in SVN -- there is an anonymous SVN and an authenticated access SVN
The anonymous SVN may lag behind the authenticated SVN
The code corresponds to the demo running on Benn’s laptop
Will move the COmanage demo to the Internet2 servers soon
Benn is currently working on COmanage Gears (profile management)  
Focus is on getting institutional identity and correlating that with the CO identity.
Q: Keith: Does COmanage Gears currently rely on some implementation of registry and/or Grouper?

A: Benn: There are no external dependencies except for the framework (PHP). On the roadmap: insert the FIFER group API and connect that API with Grouper https://wiki.jasig.org/display/FIFER/Group+API+Data+Structures+and+Operations

Social Identity

Question: Is what VOs need in the social identity area simpler or different from what brick and mortar institutions need?
Jim: it depends. At Penn State, we are bricks and mortar but spread over 24 locations, but we have a strong central identity, so can organize Penn State VOs without Shib. But at other institutions, it's possible that they need Shib to make the institution more amenable to cross-unit collaborations.
StevenC stated that there are three categories of use cases driving the social identity discussion:

...

Jim raised the example of DISQUS, used by newspapers and online blogs, where a user can access the discussion using their social ID. The user can then go on after using their Twitter identity to set up an account and can add things that don't exist in their Twitter account. http://disqus.com/

Push Vs Pull Issue Raised on International Collab Call of 3-March-2011

There was discussion on the International Collab call of different collab management platforms
Leif said COmanage is a push platform, whereas other models are pulling info
This is set against the background of the Blakely article and the idea that the future is pull, http://mms.businesswire.com/bwapps/mediaserver/ViewMedia?mgid=237020&vid=1
There may be some perception of traditional Enterprise IdM where there is a central repository of info that gets pushed out to other systems that the central enterprise can thereby control.
This perception is connected to central planning (push) and free market (pull)
There are not currently apps that support the pull model, so it's hard to imagine it working in the near future
An alternative for IdM folks is to offer an open service, but not sure how that relates to the VO scenarios
Leif was talking about applications that can dynamically generate a query during processing. A kind of late binding, not something that happens at logon time. No applications do that today.

...

CI Logon may be used in other spaces, such as OOI. Talking with GENI too.

Attribute Bundles

JimL: The CIC IAM group is discussing attribute bundles, and will possibly promote that to rest of InCommon.

There is also talk about this within VIVO http://www.ctsi.ufl.edu/2010/05/01/vivo-enabling-national-networking-of-scientists/

Ken: The French are working on categorization of applications and developing sets (bundles) of attributes. The idea is that there are natural categories of applications where it makes sense to recommend a particular attribute bundle.

...

Steven: InCommon operations hopes by April to allow SPs to add requested attribute elements to their federation metadata.

Next COmanage-dev Call: 18-March-2011